Page 443 of 2820 results (0.013 seconds)

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0

The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power." La función __mptctl_ioctl en el archivo drivers/message/fusion/mptctl.c en el kernel de Linux versiones anteriores a 5.4.14, permite a usuarios locales mantener un bloqueo incorrecto durante la operación ioctl y desencadenar una condición de carrera, es decir, una vulnerabilidad de "double fetch", también se conoce como CID-28d76df18f0a. NOTA: el suplidor afirma "El impacto de seguridad de este bug no es tan malo como podría haber sido debido a que estas operaciones son privilegiadas y la root ya posee un enorme poder destructivo. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.14 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28d76df18f0ad5bcf5fa48510b225f0ed262a99b https://github.com/torvalds/linux/commit/28d76df18f0ad5bcf5fa48510b225f0ed262a99b https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts- • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0

A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter. Una condición de carrera en la función pivot_root en el archivo fs/namespace.c en el kernel de Linux versiones 4.4.x anteriores a la versión 4.4.221, versiones 4.9.x anteriores a la versión 4.9.221, versiones 4.14.x anteriores a la versión 4.14.178, versiones 4.19.x anteriores a 4.19.119, y versiones 5.x anteriores a la versión 5.3, permite a usuarios locales causar una denegación de servicio (pánico) al corromper un contador de referencia de punto de montaje. A flaw was found in the Linux kernel’s implementation of the pivot_root syscall. This flaw allows a local privileged user (root outside or root inside a privileged container) to exploit a race condition to manipulate the reference count of the root filesystem. To be able to abuse this flaw, the process or user calling pivot_root must have advanced permissions. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html http://www.openwall.com/lists/oss-security/2020/05/04/2 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap-20200608-0001 https: • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.2EPSS: 0%CPEs: 23EXPL: 1

usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. a función usb_sg_cancel en el archivo drivers/usb/core/message.c en el kernel de Linux versiones anteriores a la versión 5.6.8, tiene un uso de la memoria previamente liberada porque se produce una transferencia sin una referencia, también se conoce como CID-056ad39ee925. A use-after-free flaw was found in usb_sg_cancel in drivers/usb/core/message.c in the USB core subsystem. This flaw allows a local attacker with a special user or root privileges to crash the system due to a race problem in the scatter-gather cancellation and transfer completion in usb_sg_wait. This vulnerability can also lead to a leak of internal kernel information. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b https://github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-a • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info->owner field in a safe way ** EN DISPUTA ** La función snd_ctl_elem_add en el archivo sound/core/control.c en el kernel de Linux versiones hasta 5.6.3, presenta un error de tipografía de count=info-)owner, que se maneja inapropiadamente en la multiplicación private_size*count. NOTA: los ingenieros de kernel disputan este hallazgo, porque podría ser relevante sólo si se agregaran nuevos llamadores que no estuvieran familiarizados con el mal uso del campo info->owner para representar datos no relacionados con el concepto de "owner". Los llamadores existentes, SNDRV_CTL_IOCTL_ELEM_ADD y SNDRV_CTL_IOCTL_ELEM_REPLACE, han sido diseñados para usar indebidamente el campo info->owner de una manera segura. • https://github.com/torvalds/linux/blob/3b2549a3740efb8af0150415737067d87e466c5b/sound/core/control.c#L1434-L1474 https://lore.kernel.org/alsa-devel/s5h4ktmlfpx.wl-tiwai%40suse.de https://twitter.com/yabbadabbadrew/status/1248632267028582400 •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd. Se detectó un problema en el kernel de Linux versiones anteriores a 5.2, en la plataforma powerpc. El archivo arch/powerpc/kernel/idle_book3s.S no posee la funcionalidad de guardar y restaurar para PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR y PNV_POWERSAVE_AMOR, también se conoce como CID-53a712bae5dd. A flaw was found in the way Linux kernel running on the Power9 processor saves and restores its registers while going in and coming out of an idle state. The issue occurs when a guest kernel has Kernel Userspace Address Protection (KUAP) feature enabled. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html https://access.redhat.com/errata/RHSA-2019:3517 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=53a712bae5dd919521a58d7bad773b949358add0 https://github.com/torvalds/linux/commit/53a712bae5dd919521a58d7bad773b949358add0 https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April/208660.html https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April • CWE-393: Return of Wrong Status Code •